[OpenAFS] PAM-AFS isn't working with openssh-3.7.1p1 (sun4x_58)
John Tang Boyland
boyland@solomons.cs.uwm.edu
Wed, 17 Sep 2003 11:44:11 -0500
I installed the new version of openssh-3.7.1p1 on our Sparc Solaris
machines but it no longer seems to correctly get a PAG.
(We're using Openafs-1.2.10 with pam_afs from there.)
Our pam.conf entry (unchanged from openssh 3.4p1) is
sshd auth requisite pam_authtok_get.so.1
sshd auth optional pam_dhkeys.so.1
sshd auth optional pam_unix_auth.so.1
sshd auth optional pam_afs.so.1 try_first_pass ignore_root
What happens is very interesting:
Authentication works in that the AFS password is sufficient
to enter the system, but then one gets a PAG assigned
arbitrarily from existing PAGs for that user on the machine,
and thus one gets the tokens (if any) for that PAG.
(I configured openssh --with-pam but without AFS support -- I'm
not trying to do token passing.)
John